Dan Eloff
dan.eloff at gmail.com
Wed Apr 26 11:37:44 EDT 2006
> Digest auth protects your password very well (it's not sent over the network at all). It does not
> protect the contents or URL or any other part of the request like SSL does. It is very hard to
> calculate a password based on its MD5 hash alone.

Yes, it protects the password perfectly. But that just stops a person from using your username and password to login with. It's remarkably easy to just send the username and digest and gain access to all the same things. Most people who would have the skills to glean your username/password from the communications would know how to do this. So it only offers the illusion of security.

-Dan
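Added example, not part of the original message: a minimal server-side check of a Digest `Authorization` header (RFC 2617, `qop=auth`) that accepts a response once and refuses the same header when it is sent again, by tracking the nonce count. The `DigestVerifier` class and its return strings are hypothetical names; the sample header uses the values from the RFC 2617 section 3.5 example.

```python
import hashlib
import hmac

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 with qop=auth: the response binds password, method, URI, nonce and nc.
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Hypothetical verifier: one realm, in-memory password and nonce tables."""
    def __init__(self, realm, passwords):
        self.realm, self.passwords = realm, passwords
        self.last_nc = {}  # nonce -> highest nonce count accepted so far

    def issue_nonce(self, nonce):
        # A real server generates the nonce itself (e.g. secrets.token_hex) and
        # expires it; it is passed in here so the RFC test vector can be used.
        self.last_nc[nonce] = 0

    def verify(self, method, uri, f):
        if f["nonce"] not in self.last_nc:
            return "stale-nonce"   # never issued or already expired
        password = self.passwords.get(f["username"])
        if password is None or f["uri"] != uri:
            return "rejected"
        expected = digest_response(f["username"], self.realm, password, method,
                                   f["uri"], f["nonce"], f["nc"], f["cnonce"])
        if not hmac.compare_digest(expected, f["response"]):
            return "rejected"
        nc = int(f["nc"], 16)
        if nc <= self.last_nc[f["nonce"]]:
            return "replay"        # same nonce count seen before
        self.last_nc[f["nonce"]] = nc
        return "ok"

# Constructed sample: parsed Authorization fields from the RFC 2617 example.
CAPTURED = {"username": "Mufasa", "uri": "/dir/index.html",
            "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "nc": "00000001",
            "cnonce": "0a4f113b", "response": "6629fae49393a05397450978507c4ef1"}

if __name__ == "__main__":
    v = DigestVerifier("testrealm@host.com", {"Mufasa": "Circle Of Life"})
    v.issue_nonce(CAPTURED["nonce"])
    print(v.verify("GET", "/dir/index.html", CAPTURED))  # first use
    print(v.verify("GET", "/dir/index.html", CAPTURED))  # identical header resent
```

A server that skips the nonce and nonce-count checks accepts the second request as well; the request body and URL remain visible on the wire in either case.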